The way to an own clowd - Part 8
The way to an own clowd (Part 8) - Set up Nextcloud quickly & securely
Whoever thinks about self-hosting and digital sovereignty can hardly ignore Nextcloud: Nextcloud is the open-source standard when it comes to private cloud storage, calendars, contacts, file sharing, and office tools running in your own data center.
The software is not just a cloud storage solution. It’s a complete platform: You can share files, sync calendars and contacts, back up your photos, and install countless extensions.
Installing the Service
First, create a dedicated database user:
sudo -u postgres psql
Inside the psql tool, run the following commands (choose strong passwords!):
CREATE USER nextclouduser WITH PASSWORD '<STRONG-PASSWORD>';
CREATE DATABASE nextcloud WITH OWNER nextclouduser;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextclouduser;
Exit the tool with exit or \q.
Now create a directory for Nextcloud and change into it:
sudo mkdir -p /opt/nextcloud
cd /opt/nextcloud
Create a file called docker-compose.yaml in this directory (adjust values as needed):
services:
  nextcloud:
    image: localhost:5000/nextcloud:stable-fpm-alpine
    container_name: nextcloud
    environment:
      - POSTGRES_HOST=host.docker.internal
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextclouduser
      - POSTGRES_PASSWORD=<STRONG-PASSWORD>
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.your-domain.tld
      - NEXTCLOUD_ADMIN_USER=mickeymouse
      - NEXTCLOUD_ADMIN_PASSWORD=<STRONG-ADMIN-PASSWORD>
    ports:
      - "8080:80"
    volumes:
      - ./html:/var/www/html
      - ./data:/var/www/html/data
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
Tip: Change the value of NEXTCLOUD_ADMIN_USER from mickeymouse to a random but memorable name, not directly associated with your real identity.
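Added example, not part of the original article: Docker publishes a mapping like "8080:80" on all host interfaces through its own iptables rules, which ufw rules do not filter, and the compose file above stores both passwords in clear text. The script below checks a compose file for both conditions; audit_compose and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article. audit_compose is a hypothetical helper.

audit_compose() {
    local file="$1" exposed secrets rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Short-syntax "ports:" entries without a loopback host IP are published
    # by Docker on every interface of the host.
    exposed=$(awk -v sq="'" '
        /^[ \t]*ports:/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            m = $0
            sub(/[ \t]+#.*$/, "", m)        # drop trailing comment
            sub(/^[ \t]*-[ \t]*/, "", m)    # drop the list dash
            gsub("[\"" sq " \t]", "", m)    # drop quotes and blanks
            if (m !~ /^(127\.|\[::1\])/) print "EXPOSED port mapping " m
            next
        }
        /^[ \t]*$/ { next }                 # blank lines do not end the list
        { in_ports = 0 }
    ' "$file")

    # Inline *PASSWORD values are only a finding if group/other can read them.
    secrets=$(grep -cE '^[[:space:]]*-?[[:space:]]*[A-Z_]*PASSWORD[=:]' "$file" || true)
    if [ "$secrets" -gt 0 ] &&
       [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "READABLE $file holds $secrets inline password(s); chmod 600 it"
        rc=1
    fi
    if [ -n "$exposed" ]; then echo "$exposed"; rc=1; fi
    return "$rc"
}

# Constructed sample mirroring the article's compose file (placeholder values).
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker-compose.yaml" <<'EOF'
services:
  nextcloud:
    environment:
      - POSTGRES_PASSWORD=<STRONG-PASSWORD>
      - NEXTCLOUD_ADMIN_PASSWORD=<STRONG-ADMIN-PASSWORD>
    ports:
      - "8080:80"
EOF
chmod 644 "$demo_dir/docker-compose.yaml"
audit_compose "$demo_dir/docker-compose.yaml" || echo "findings above need fixing"
```

Writing the mapping as "127.0.0.1:8080:80" clears the first finding while the NGINX proxy on the same host can still reach the backend.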
To safely get the Nextcloud image into your local Docker registry, run:
docker pull nextcloud:stable-fpm-alpine
docker tag nextcloud:stable-fpm-alpine localhost:5000/nextcloud:stable-fpm-alpine
docker push localhost:5000/nextcloud:stable-fpm-alpine
Start Nextcloud as a service:
docker compose up -d
The first startup can take a few minutes. Optionally, you can watch the logs live with docker compose up and stop with CTRL+C once it’s ready.
To make Nextcloud accessible from the outside, pick a random unused port between 1024 and 65535:
echo $(shuf -i 1024-65535 -n 1)
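shuf on its own returns a random port, not necessarily an unused one. As an added example (not from the original article), this helper skips ports that already have a TCP listener; pick_unused_port and its arguments are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example, not from the article. pick_unused_port is a hypothetical helper.
# Usage: pick_unused_port [LOW] [HIGH] [USED]
#   USED is a whitespace-separated list of ports already taken; when omitted it
#   is read from the live listening TCP sockets via `ss -Htln`.

pick_unused_port() {
    local low="${1:-1024}" high="${2:-65535}" used port
    if [ "$#" -ge 3 ]; then
        used="$3"
    else
        # Column 4 of ss is "address:port"; keep what follows the last colon.
        used=$(ss -Htln | awk '{ n = split($4, a, ":"); print a[n] }')
    fi
    used=" $(printf '%s ' $used)"      # normalise to " p1 p2 ... "

    # Walk the range in random order and return the first port not in use.
    for port in $(shuf -i "${low}-${high}"); do
        case "$used" in
            *" $port "*) continue ;;
        esac
        echo "$port"
        return 0
    done
    echo "no unused port between $low and $high" >&2
    return 1
}

# Constructed demo: 8080 (the container mapping) and 443 count as taken.
PORT=$(pick_unused_port 1024 65535 "443 8080") && echo "Random unused port: $PORT"
```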
Now create a new NGINX configuration at /etc/nginx/sites-available/nextcloud (adapt values as needed):
server {
    listen <RANDOM-PORT> ssl;
    server_name <CLOUD-DOMAIN>;
    ssl_certificate /etc/letsencrypt/live/<CLOUD-DOMAIN>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<CLOUD-DOMAIN>/privkey.pem;
    client_max_body_size 2G; # allow large files
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Enable the config and reload NGINX:
sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud
sudo systemctl restart nginx
Allow the selected port in your firewall:
sudo ufw allow <RANDOM-PORT>
sudo ufw reload
You can now access Nextcloud in your browser at https://<CLOUD-DOMAIN>:<RANDOM-PORT> and finish the setup.
Apps
To keep all your data up-to-date everywhere, there are handy sync apps for Windows, macOS, Linux, Android, and iOS.
These apps let you automatically sync files, photos, contacts, and calendars between all your devices and your private cloud.
You can find all apps at: https://nextcloud.com/de/installation
Conclusion
With Nextcloud, you quickly get a powerful and flexible cloud solution running on your own server – fully under your control. Whether it’s files, photos, contacts, or calendars: everything stays private and syncs securely across all your devices.
Quick & Dirty
# Create Postgres user & DB
sudo -u postgres psql <<EOF
CREATE USER nextclouduser WITH PASSWORD 'YOUR-STRONG-PASSWORD';
CREATE DATABASE nextcloud WITH OWNER nextclouduser;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextclouduser;
\\q
EOF
# Create Nextcloud directory
sudo mkdir -p /opt/nextcloud
cd /opt/nextcloud
# Create docker-compose.yaml (edit your values!)
# Quoted 'EOF' keeps the shell from expanding $ or ` inside the passwords;
# sudo tee is used because /opt/nextcloud was created by root.
sudo tee docker-compose.yaml >/dev/null <<'EOF'
services:
  nextcloud:
    image: localhost:5000/nextcloud:stable-fpm-alpine
    container_name: nextcloud
    environment:
      - POSTGRES_HOST=host.docker.internal
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextclouduser
      - POSTGRES_PASSWORD=YOUR-STRONG-PASSWORD
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.my-domain.eu
      - NEXTCLOUD_ADMIN_USER=randomuser
      - NEXTCLOUD_ADMIN_PASSWORD=VERYSTRONGADMINPW
    ports:
      - "8080:80"
    volumes:
      - ./html:/var/www/html
      - ./data:/var/www/html/data
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
EOF
# Get image into local registry
docker pull nextcloud:stable-fpm-alpine
docker tag nextcloud:stable-fpm-alpine localhost:5000/nextcloud:stable-fpm-alpine
docker push localhost:5000/nextcloud:stable-fpm-alpine
# Start Nextcloud
docker compose up -d
# Choose a free port for HTTPS proxy
PORT=$(shuf -i 1024-65535 -n 1)
echo "Random port: $PORT"
# Create NGINX config (adjust path & values!)
# The heredoc is unquoted so that $PORT expands; NGINX's own variables are
# escaped with \ so the shell writes them out literally instead of as empty strings.
sudo tee /etc/nginx/sites-available/nextcloud >/dev/null <<EONGX
server {
    listen $PORT ssl;
    server_name cloud.my-domain.eu;
    ssl_certificate /etc/letsencrypt/live/cloud.my-domain.eu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.my-domain.eu/privkey.pem;
    client_max_body_size 2G;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EONGX
# Enable NGINX config & reload server
sudo ln -sf /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud
sudo systemctl restart nginx
# Open firewall port
sudo ufw allow $PORT
sudo ufw reload